Introducing Claims Based Identity With OWIN Components


Every developer wants to build secure ASP.NET applications. Developers can now take advantage of an OWIN component preview that secures ASP.NET applications with Windows Azure AD, ADFS and any other identity provider that supports WS-Federation. The ASP.NET and Active Directory teams have been cooperating on a new OWIN-based programming model for securing ASP.NET applications, and it is now available to try.

Claims Based Identity and the .NET Framework

Claims Based Identity made its debut in 2009, when the Windows Identity Foundation (WIF) was released. At that time the only people working with claims based identity were individuals with a background in both development and administration. When the .NET 4.5 Framework was released, the WIF classes migrated into the framework along with System.Security.Claims. This support is now available directly in all the project templates used in Visual Studio 2013. Updates are released frequently in the NuGet Gallery to implement the latest industry advancements.

Start with Microsoft.Owin.Security.WsFederation

You can refer to Introduction to OWIN for further information. The templates used in Visual Studio 2013 already build on it. The .NET Framework already provides all of the raw functionality for processing claims based identity flows: token formats, cryptography and so on.

Claims Based Identity Support with Microsoft OWIN Components

Microsoft.Owin.Security has been extended to include the base classes used for implementing standard web sign-in protocols such as OpenID or WS-Federation. On top of these, a new component, Microsoft.Owin.Security.WsFederation, has been created to handle the WS-Federation protocol. The team started with WS-Federation because it is the most commonly supported protocol in the current scenario and it also allows you to connect to both the Windows AD and ADFS from version 2.0 on. Support for OpenID will come soon.

You can easily install this package using the following command in the Package Manager Console:

Install-Package Microsoft.Owin.Security.WsFederation -Version 3.0.0-alpha1 -Pre

Installing WsFederation in Web Application 

Application Configuration

We can use an MVC application as an example. In the Startup.Auth.cs file, configure the middleware with the following code:

using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

namespace MvcCricketer
{
    public partial class Startup
    {
        // For more information on configuring authentication, please visit
        public void ConfigureAuth(IAppBuilder app)
        {
            // Enable the application to use a cookie to store information for the signed in user
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                //AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                //LoginPath = new PathString("/Account/Login")
            });

            // Sign users in through WS-Federation.
            // Both values below are placeholders; replace them with your own.
            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                MetadataAddress = "<federation-metadata-url-of-your-tenant>",
                Wtrealm = "<identifier-assigned-to-your-app>"
            });

            // Use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Uncomment the following lines to enable logging in with third party login providers
            //app.UseMicrosoftAccountAuthentication(
            //    clientId: "",
            //    clientSecret: "");

            //app.UseTwitterAuthentication(
            //   consumerKey: "",
            //   consumerSecret: "");

            //app.UseFacebookAuthentication(
            //   appId: "",
            //   appSecret: "");
        }
    }
}

The code above relies on two main settings:

  • MetadataAddress: This value identifies the Windows Azure AD tenant (you can also use an ADFS instance) that authenticates the users. It does not change if you are writing line-of-business apps for the company.
  • Wtrealm: This is the identifier for the application, as assigned when the app was configured with the authenticating authority.
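
The following is an added example, not code from the original article or from the OWIN packages: a startup-time check of these two settings before they reach the middleware. The helper class WsFederationSettings and its Build method are hypothetical names, and the example assumes the realm is registered with the authority as an absolute URI.

```csharp
using System;
using Microsoft.Owin.Security.WsFederation;

namespace MvcCricketer
{
    // Hypothetical helper (not part of the OWIN packages): validates the two
    // settings and only then builds the options object for the middleware.
    public static class WsFederationSettings
    {
        public static WsFederationAuthenticationOptions Build(string metadataAddress, string wtrealm)
        {
            // The federation metadata document supplies the signing certificates
            // the application will trust for incoming tokens, so it must be
            // fetched from an absolute HTTPS address, never plain HTTP.
            Uri metadataUri;
            if (!Uri.TryCreate(metadataAddress, UriKind.Absolute, out metadataUri)
                || metadataUri.Scheme != Uri.UriSchemeHttps)
            {
                throw new ArgumentException(
                    "MetadataAddress must be an absolute https:// URL.", "metadataAddress");
            }

            // Assumption: the realm is registered as an absolute URI. Reject
            // empty or relative values here instead of failing at first sign-in.
            Uri realmUri;
            if (!Uri.TryCreate(wtrealm, UriKind.Absolute, out realmUri))
            {
                throw new ArgumentException(
                    "Wtrealm must be the absolute URI registered for this application.", "wtrealm");
            }

            // Pass the strings through unchanged: the realm has to match the
            // registered identifier exactly.
            return new WsFederationAuthenticationOptions
            {
                MetadataAddress = metadataAddress,
                Wtrealm = wtrealm
            };
        }
    }
}
```

In ConfigureAuth, the returned object can be passed to app.UseWsFederationAuthentication in place of the inline initializer, with both values read from configuration.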

More Advantages

  • A single application can now be associated with multiple authentication types.
  • It is now very easy to use claims-based identity in self-hosted scenarios.

Note: If you want to apply this in an MVC app using Windows Azure AD, you can refer to Securing MVC App with Windows Azure AD.


This article explained a new way to use Claims Based Identity in the various project templates in Visual Studio 2013. This preview is available in the NuGet Gallery. Thanks for reading, and stay updated.